Re: lo0 filter friendly for UTM

One of the easiest is to change your last term to an "accept all" instead of "deny all", and have two terms before it: ssh and https accept from certain source IPs; ssh and https deny from all; followed by allow all. This avoids needing to know each port you need to open up. It also means you'd trust the SRX to be secure.

If you do want to explicitly allow, you could remove the filter, run a monitor traffic, run UTM updates, then go through the capture file to see what protocols are being used.